A proof of two conjectures on APN functions. 
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1 Introduction 

In [2] , after a computer search, the authors give a complete hst of power map- 
pings almost perfectly nonlinear (APN) on Fpn , for 

p" e {2^ 2^, . . . , 2", 3^ . . . , 3^ 5^, . . . , 5^ 72, 7^ t^, ll^ n^}. 

Their article contains many theorems showing that some of these functions are 
members of an infinite family of APN functions. In [6], Zha and Wang give 
theorems that explain several new cases. In [IJ, Dobbertin, Mills, Miiller, Pott 
et Willems try to find families containing values not yet explained in They 
make conjectures that we prove here. 

First we recall the definition of APN function: 

Definition 1.1 Let q — p", p being a prime number and n an integer. Let 
/ : — ^ F^; for all a and b G Fg, we denote by Nf(a, b) the number of solutions 
in ¥q of the equation f{x + a) — f{x) = b. We say that f is APN if 

Af ma.x{Nf{a,b),a,b e Wq,a^ 0) = 2. 

Remark 1.2 • On ¥pn, if we denote A^d by Ad, we have A^pi = Ad, for 
< i < n - 1. 

• We also have Ad = ma,x(Nr^d{l, 6), b e Fq). 
In the following table, we give all cases not yet explained in [2\ : 





p" 


d 


dp' 


I 


35 


134 


(134,160,238,230,206) 


II 


35 


152 


(152,214,158,232,212) 


III 


37 


40 


(40,120,360,1080,1054,976,742) 


IV 


3^ 


224 


(224,672,2016,1676,656,1968,1532) 


V 


3^ 


274 


(274,822,280,840,334,1002,820) 


VI 


53 


14 


(14,70,102) 


VII 


55 


843 


(843,1091,2331,2283,2043) 



We put m = ii±i. 

In [T], Dobbertin, Mills, Miiller, Pott and Willems make conjectures which ex- 
plain cases I, II, III, V and VII of the table : 
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Conjecture 1.3 For n > 5 an odd integer, the function x t-^ x'^ is APN over 
for 

J 3"-! ifn = 3 mod 4 

31:^ + 3::^ ^fn = l mod 4 ■ 

Conjecture 1.4 For n > 5 an odd integer, the function x t-^ x"^ is APN over 
for 

- — g — - si n = S mod 4 

^"'^g^^ + ^"2"^ si n EE 1 mod 4 

Conjecture 1.5 Let n be an odd integer. The function x x'^ is APN over 
Fs" for 

5" - 1 5™ - 1 

Now we recall two theorems proved in [B] (theorem 4.1 and 4.4) that explain 
cases IV and VII of the table : 

Theorem 1.6 (Zha, Wang) On ¥3^, the function f : x x'^ satisfies < 2 
for d such that (S'^ + l)d — 2 ~ 7i(3" — 1) where u is odd and gcd(n, k) — 1. 
Furthermore, f is APN if 2k < n. 

Theorem 1.7 (Zha, Wang) The function x ^ x'^ is APN over Fsn for d such 
that (5*^ + l)d — 2 = u(5" — 1) where gcd(n, k) = 1, u is odd and k is even. 

Using theorem 11.71 Zha and Wang prove conjecture 11.51 

The following theorems are proved in [T (Theorem 2.1 and 2.2) : 

Theorem 1.8 (Dobbertin, Mills, Miiller, Pott, Willems) Let n he an odd inte- 
ger. In Fsii , the function x ^-^ x'^ satisfies < 2 for 

if n = 'i mod 4 



^ - I 3::^ + 3::_^ ^fn=l mod 4 ' 

Theorem 1.9 (Dobbertin, Mills, Miiller, Pott, Willems) Let n he an odd inte- 
ger. In F311, the function x ^-^ x'^ satisfies A^ < 2 for 

^ \ ~ si 71 = 3 mod 4 
I + 2^ si 71 = 1 mod 4 



In the next section, we prove conjectures 11.31 and II .41 In section 3, we prove the 
following theorem, which gives a new infinite family of APN functions : 

Theorem 1.10 Let I > 2 and n an integer such that n = —1 mod 2' then the 
function x ^-^ x'^ is APN over Fs^ for 

, 1 5"+^ - 1 5" - 1 
^5^ + 1 4 

Finally, in the last section, we make some remarks about Zha and Wang the- 
orems. In particular we give a new proof of conjecture 11.51 in the case where 
71 = 3 mod 4. 
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2 Proof of conjectures 11.31 and 11.41 



In this part p — 3. Using theorems 11.81 and 11.91 , we only have to show that 
Ac; ^ 1 which means that {x + 1)'^ — x'^ is not a permutation polynomiaL 
We do that with Dickson and Hermite's criterion which gives a necessary and 
sufficient condition for a polynomial with coefficients in ¥q to be a permutation 
polynomial over : 

Theorem 2.1 (Hermite an Dickson's criterion, see ^ p. 349) The following 
propositions are equivalent : 

1. f{x) G ¥q[x] is a permutation polynomial over ¥q. 

2. f{x) has exactly one root in Fg and 

\/t, l<t<q — 2, t^O mod p, the reduction {f{x)Y mod x'' — x has 
degree less than q — I 

We also need Lucas' theorem : 

Theorem 2.2 (Lucas see [Sj, p. 230) Letp he a prime number, n and r integers. 

We consider p-adic decomposition of n and r : 

n = no + nip + . . . + Ukp^ with < < p — 1, 

r = To + rip + . . . + rkp^ with < < p — 1 . 

Then 




mod p. 



Now we can prove the conjectures 11.31 and 11.41 

Since in each case gcA{d, 3" — 1) = 2, we have to find t in Hermite and Dickson's 
criterion such that the degree of ((a; + l)"* — a;'')* mod x'' — x \s q — 1. 



{{x + If - x^y = j2 (l) + i)'^'=(-i)*-'=x'^(*-'=) 



k=0 ^ ^ \j=0^-^ 



r.dk~] ^d{t-k) 



k=0 ^ ^ j=0 

The degree of x^ mod x'' — x is q — 1 \i and only if fc = mod q—1 and fc ^ 0. 
For G R we denote by \v'] the ceilling of x and by [vj its floor. Then the 
coefficient of x'^~^ in ((x + l)'^ — a;"^) mod — x is 



k J \dt — i{q — 1) 
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Case where n = 1 mod 4 in conjecture 11.31 

We have d = 211^ + ^-f^- We choose i = 2 then, smce n ^ 1, [^J = 1 
and = 1. So 



3" + 3™ - 2 



^ ' 3™ - 1 j ^ I 3"' - 1 

m— 1 



3"-l I 3" -1 



On one side, 3" + 3" - 2 = 3" + ^ 2 x 3^= + 1 and 3™ - 1 = ^ 2 x 3^= so by 



Lucas' theorem, ( ) = mod 3. 

n— 1 m—1 n— 1 rn~l 

On the other side, ^ + = ^ 3*^ + ^ 3*^ = ^ 3'^' + ^ 2 x 3*^. So 

fe=0 A:=0 fc=m k=0 

, 3"-l I 3"^-l , 

= 1 mod 3. 

Case where n = 3 mod 4 in conjecture 11.31 

We have d = 2!^. Let s = 2 x (3™"^ + 1), we choose t = 2s + 4. Forn > 3, 
< t < q - 1 and t ^ Q mod 3. Furthermore, [^J = 2, = s + 6 

and [i^i^HiS^] = 7. So 

We have t = 4 x 3"-! +8 = 3™ + 3"-i +2x3 + 2. 

So by Lucas' theorem, (*.) ^ mod 3 if and only if fc = a3™ + 63""i + c3 + d 

where a, 6 G {0, 1} and c, d e {0, 1, 2}. 

Then 

n— 1 m — 2 

dfc = a3" + (a + &) ^ 3J' + (a + fe + c)3"' + (5 + c + d)3'"-i + (c + d) ^ 3^' + d 

m-2 

Furthermore, dt - 2{q - 1) = 3"+^ + ^ 2 x 3-'' + 1 and 

m-2 

- - 1) = 3" + 3"'+i + ^ 2 X 3^'. 
So ^ mod 3 if a = 1 and c + d = 2. 

Assume that 5=1, then b + c + d = 3 and 5 > a + 6 + c+l > 3. So the coefficient 
of 3'"+i in 3-adic decomposition of dk is which means that {j^^_2^^_^^ = 
mod 3. Hence the only k remaining in the first sum are 3™ + 2 x 3, 3™ + 3 + 1 
and 3" + 2. 

Now we consider the second sum : 

{M-2{q-i)) ^0 mod 3 if d e {1,2} and 
c + d = 2, namely if c = 1 and d = 1 or if c = and d = 2. Since fc > 7, 
a and 6 can't be both 0. Assume that a — h — 1 then 6 + c + d = 3 and 
4>a + c+ &+ l>3. So the coefficient of 3'"+i in 3-adic decomposition of dk 
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is 0, which means that (^t_2((j-i)) ~ ^ mod 3. Hence the only k remaining in 
this sum are 3™ + 3 + 1, 3™ + 2, 3™"! + 3 + 1 and 3"-i + 2. 
Finally : 



C = - 



t \ /rf(3" + 2 X 3)\ / t \ /d(3" + 3 + 1) 
3'" + 2x's)\dt-{q-l) J ^ \3"^ + 3 + V V dt^{q-l) 
t \/d(3" + 2)\ _/ t \/d(3™ + 3 + l) 
3™ + 2)\dt-{q-l)) + 3 + l)\dt-2{q-l) 

t \/ d(3" + 2) \ _/ t \ /d(3™-i +3 + 1) 
3™ + 2)\dt- 2{q - 1)7 ^v3™-i + 3 + V V dt-2{q-l) 
t \/d(3™-i+2) 
3"-i + 2/ \dt-2{q- 1) 

Now, we have t = 3" + 3'""i + 2 x 3 + 2, so by Lucas' theorem, (g^+axs) = 1 

?i — 1 7n — 2 

mod 3. Moreover ^(3™ + 2x3) = 3"+ ^ 3^ + 2 x 3"+^ + 2 x 3™"^ + 2 ^ 3^' 

m-2 

and d< - (g - 1) = 3" + 3"+^ + ^ 2 x 3^ so {^fZtq-l)) = ^ 1^°^ 3. 
We do the same for all binomials and we get C = 1 mod 3. 

Case where n= \ mod 4 in conjecture 11.41 

We have d = ^""g"'^ + We choose t = 2 then [-^J = 1 and = 

1. So ' 



^ + 3" - 1 



C — ( 3..+1-1 ) + ( 3"+i-l 



3"-l , 3"+^-l 



On one side, we have ^^^^^+3"-l ^ ^ 2x32''+3"+l and ^'"'^''^ =2^3 



1 

2k 



fe=l fc=0 



So by Lucas' theorem, ( t^+i-i ) = mod 3 

4 



On the other side, + ^" = ^ 2 x 3^'^ + ^ 3' 
So, ( ^„+r7 ^) = 1 mod 3. 



2fe+l 

fc=0 fe=0 



Case where n = 3 mod 4 in conjecture 11.41 

We have d = ^"'^'^^ We choose t = 26, for n > 5, 1 < < < g - 2 and 
t ^ mod 3. Furthermore 

(7y^ 13 3" 



g _ 1 4 ' 3" - 1 
Forn>5, ig>3|lT>l. So L^J = 9. 

We have ^ = 2 + 2x3 + 2x9 so by Lucas' theorem, (*) ^ mod 3 if and only 
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iik = a + 3b + 9c,a,b,ce {0, 1, 2}. 

n-1 n — 1 Ti-1 

2 2 2 

In addition, d = 3^^ so ^/A; = a + ^ (a + c)3^^" + ^ 63^^+^ + c3^+^ 

n-l 
2 

Wehavedt-{q-l) = ^ 2 x 32'' + 2 x 3" + 2 x 3"+\ So, if we write j = a + 3/3, 

/c— 1 

a, /?e{0,l,2}, 

n-l 
2 

- (j + l){q - 1) = a + /33 + ^ 2 X 3^*^ + (2 - a)3" + (2 - /3)3"+^ 

(di-(j+i)(g-i)) ^ ^ mod 3 if and only ifa>a, 6>/?, 6>2 — a, c>2 — /3 
and a + c = 2. 
Finally, 




= 1 mod 3 



In all cases we have proved that C ^ mod 3; so by Hermite and Dickson's 
criterion 7^ 1. 



3 Proof of theorem 11.101 

We give first some preliminary results : 

Lemma 3.1 (see fT^ p. 97) If gcd{d,q — 1) = 1 then Ad = A^-i where d^^ is 
the inverse of d modulo q ~ I. 

Proposition 3.2 (see 12], corollary 1 p. 4-84) Let n and k be integers such that 
gcd(2n, fc) = 1. Then x ^ x'^ is APN over F5>. for d = 

Corollary 3.3 Let n be a integer such that rt = 2' — 1 mod 2'+^ then x x"^ 
IS APN over Fg,. for d = ^^^L+i . 

Proof : If n = 2' - 1 mod 2'+^ then ^ = 1 mod 2. So gcd(2n, '-^) = 1 
and by proposition 13.21 we get the result. 

□ 

Now we are able to prove theorem II. 101 

First we consider the case where n = 2' — 1 mod 2'+^. We have 

+ 1 , 5"+i - 1 + 1 5" - 1 

d = \ 

2 4 2 4 

^„ 5" - 1 + 3 
+— 
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but if n = 2' - 1 mod 2^+\ ^ = 1 mod 2 and +3 = mod 8. So 

EE 1 mod 5" - 1 

2 

Hence d is invertible modulo 5" — 1 and d^^ — -^-2^— ti. By corollary 13.31 
X x'^ is APN over Fs^ , so by lemma 13.11 we get the result for n = 2' — 1 
mod 2'+i. 

If n = -1 mod 2'+i then (2' + l)n = 2' - 1 mod 2'+i. We put 

1 5(2'+l)n+l _ ^ ^{2'+l)n _ 

e = ; 1 . 

2 (2'+i),i+i 4 

^5 ^ +1 

By the first case a; H' a;^ is APN over F.(2!+i)„. Furthermore, 



2-1 



, (2'+l)„+l 5(2'+l)n _ 2^ 

-L/C ^7 \ I 



k=0 

1 y (-l)'=+i5"'=(5^)'= + 5"^^^ + ^—-^ 

2 \ V \ / 4 4 

2'-l ^„ , , 2'-l fe-1 



5"(5" - 1)4 E 5"^' + + (5" - E (-1)'^' E 

j=0 k=l j=0 

iE(-ir^(5^)' 



fc=0 

2'~1 2'-l fe-1 

Since E 5"^' = mod 4 and E (-1)''+^ E ^"^(s'^)''' = mod 2 for / > 2, 

fe=0 fe=l j=0 

we have : 

1 5"+i - 1 5" - 1 ^ ^„ ^ 

e = -—-n \ : — mod 5 - 1 

25^^+1 4 

Since a; 1— a;*^ is APN over Fg(2;+i)„ , for all b G Fsn the equation (x+l)*^ — a;*^ = b 
has at most two solutions in Fg(2!+i)„ D So, since e = d mod 5" — 1, for 
all b E Fs^, (a: + 1)'' — x'^ = b has at most two solutions in F51. and A^; < 2 for 
71 = -1 mod 2'+i. 

2'-l 

Furthermore since n is odd, ^ ~^ = 1 mod 2. In addition E] = 

fc=0 

mod 4, so d = 1 mod 2. Then both and -1 are solutions of + — a;'^ = 
and we get the result for n = — 1 mod 2'+^. 

4 Some remarks about Zha and Wang theorems 

First we notice that theorem 11.71 gives another proof of the case n = — 1 
mod 2'+^ of theorem ll.lOl 
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Now, we give another proof of coiiiecture 11.51 In the case where n = 1 mod 4 
it is the same that in theorem 4.5 of Zha and Wang. But the proof of the case 
where n = 3 mod 4 doesn't use theorem 4.4. 

First we recall the idea of the proof in case where n = 1 mod 4 : 

cm I 1 

—d=l mod(5"-l). 

So by lemma [5TT] and corollary 13. 31 we get the result. 

If n = 3 mod 4 then 3n = 1 mod 4. So 

5^" - 1 5^ - 1 5" - 1 5" - 1 _ ^, 2.5'" + 5"(5" + l) 

2 4 2~"^^ 4 

= mod (5" - 1) 



3.1+1 



So e = " + ^ \ = + mod 5" - 1 and, by the case where 

n = 1 mod A, X x'^ is APN over ¥53^ and < 2 for n = 3 mod 4. Fur- 
thermore d is odd, so (0 + 1)^ - 0"^ = 1 = (-1 + I)'' - (-1)'' and = 2. 

We finish by a remark on theorem 4.1 of [6J : 

For I S N and n = — 1 mod 2', if we take k = and u = 3 in theorem 11.71 
we get that a; i-^- x'' is APN for 

qri+l _ 1 



3^ + 1 



For 1 = 2, this gives an explicit family to explain case IV of the table. Actually 
this family contains 656 = 224 x 5**. 
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